Windows Server 2012 Deep Dive – Day 2

The 2nd day of this Microsoft session was a bit on the “heavier” side of things, but there was still a lot of interesting information. Here are the tidbits from today’s session.

NIC Teaming

I already looked into creating NIC teams using PowerShell. The first piece of information is more of a trick of the trade – to quickly access the NIC team configuration, just go to Start/Open and type in

lbfoadmin.exe

And while at it, check the settings of the NIC team (if you have one), and see what the Load Balancing is set to. If you use this host as a Hyper-V host, you might want to change the properties to Hyper-V Port. I’ll have to review my NIC team creation script to reflect this setting.

Hyper-V Replica

Just a few short notes on this:

  • Hardware agnostic, i.e. it doesn’t care what hardware the primary and replica systems are running on (including clustering: the source can be a cluster, the replica does NOT have to be)
  • Syncs every 5 minutes – CAN’T be changed
  • Use SSL for untrusted networks, Kerberos when AD is available
  • Don’t forget to allow incoming traffic (ports 80, 443) on all firewalls en route (Windows Firewall, other hardware firewalls, etc.)
  • Consider creating a separate VHD file for paging – this can be excluded from migration, and the replicated system will still be happy to start up

Live Migration

HA (High Availability) is not the same as Live Migration

HA – If a host in a cluster fails, its VMs fail over automatically to another cluster member

Live Migration – pro-active migration of VMs

Authentication:

  • CredSSP – can only push a migration from the host you are logged in to; useful in limited cases
  • Kerberos – recommended to be used

Kerberos Constrained Delegation

Used in non-clustered live migrations. The computer (host) accounts need delegation configured for it to work correctly. In Active Directory Users and Computers, enable Advanced Settings and open the properties of the hosts involved in Live Migration. Under Delegation, select “Trust this computer for delegation to specified services only”, click Add to browse for each of the other host account(s), and from the services list select CIFS (for SMB file/folder access) and MSVS (Microsoft Virtual System Migration Service). For example, if we have 3 hosts (Host1, Host2, Host3), the permissions would look as follows:

[Image: Kerberos Constrained Delegation]

!!! IMPORTANT: After the delegation in AD has been updated, the host(s) need to be restarted
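
The same three-host delegation can be applied and audited from PowerShell. This is an added example, not code from the session or the original post. It assumes the ActiveDirectory module is installed and that Host1, Host2 and Host3 are computer accounts in the current domain; registering both short-name and FQDN forms of each service name, and the helper Get-ExpectedDelegation, are choices made for this example.

```powershell
# Added example: constrained delegation for live migration between the three
# hosts named in the post. Assumes the ActiveDirectory (RSAT) module and
# rights to modify the computer objects.
Import-Module ActiveDirectory

$hvHosts  = 'Host1', 'Host2', 'Host3'
$services = 'cifs', 'Microsoft Virtual System Migration Service'
$dnsRoot  = (Get-ADDomain).DNSRoot

# Hypothetical helper: the service names one host should be allowed to
# delegate to, i.e. both services on every *other* host and nothing else.
function Get-ExpectedDelegation {
    param([string]$Source, [string[]]$AllHosts, [string[]]$Services, [string]$DnsRoot)
    foreach ($target in ($AllHosts | Where-Object { $_ -ne $Source })) {
        foreach ($svc in $Services) {
            "$svc/$target"
            "$svc/${target}.$DnsRoot"
        }
    }
}

foreach ($h in $hvHosts) {
    $expected = @(Get-ExpectedDelegation -Source $h -AllHosts $hvHosts `
                      -Services $services -DnsRoot $dnsRoot)
    $computer = Get-ADComputer -Identity $h `
                    -Properties 'msDS-AllowedToDelegateTo', TrustedForDelegation
    $current  = @($computer.'msDS-AllowedToDelegateTo' | Where-Object { $_ })

    # Add only the entries that are missing, so the script can be re-run safely.
    $missing = [string[]]@($expected | Where-Object { $current -notcontains $_ })
    if ($missing.Count -gt 0) {
        Set-ADComputer -Identity $computer -Add @{ 'msDS-AllowedToDelegateTo' = $missing }
    }

    # Audit: report delegation beyond what live migration needs, and flag
    # unconstrained delegation, which this setup does not require.
    [pscustomobject]@{
        Host          = $h
        Added         = $missing -join '; '
        Unexpected    = @($current | Where-Object { $expected -notcontains $_ }) -join '; '
        Unconstrained = [bool]$computer.TrustedForDelegation
    }
}
# As noted above, restart the hosts after the delegation has been updated.
```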

So that’s it from today’s session. I would like to express my thanks to all the presenters for the valuable information.